Google OAuth2 flaw is being actively abused in the wild

Jan 02 2024

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that will never break its resolution to keep you in the know when it comes to steering clear of cybercrime ????????????

Today’s hottest cybersecurity news stories:

  • ⚠️ Google OAuth2 flaw is being actively abused in the wild ????️

  • ???? Automakers on track to regulation due to privacy worries ????

  • ???? N. Korea uses AppleSeed, Meterpreter, TinyNuke malware ????

Hackers: Now where do you think you’re Auth2? ????????????

???? Security Alert: Malware Threat Exploits Google Account Vulnerability! ????

???? Researchers at cybersecurity firm CloudSEK have uncovered a critical threat targeting Google accounts. ???? Multiple malware-as-a-service info stealers, including Lumma Stealer, now possess the ability to manipulate authentication tokens, providing hackers with persistent access even after users reset their passwords. ????

????️ This alarming capability was first identified in November, marking a significant evolution in information-stealing malware. Lumma Stealer, a leading culprit, employs an undocumented exploit in the OAuth 2.0 security protocol, commonly used for Google single sign-on.

????️ Despite Google's silence on the matter, the vulnerability has rapidly spread among various malware groups such as Rhadamanthys, RisePro, Meduza, Stealc Stealer, and Eternity Stealer. The exploit, initially disclosed by an attacker known as PRISMA, allows for "session persistence," maintaining unauthorised access even if passwords are changed.

???? Protect Yourself: Regularly monitor your Google account activity, use multi-factor authentication, and stay updated on security best practices. Report any suspicious activities immediately!

???? This exploit poses severe threats, granting hackers access to Google Drive, email login, and other OAuth-connected services. CloudSEK emphasises the exploit's potential impact on users and organisations, urging vigilance and proactive security measures.

Stay safe online! ????️

Learn AI in 5 minutes a day. We'll teach you how to save time and earn more with AI. Join 400,000+ free daily readers for trending tools, productivity boosting prompts, the latest news, and more.

Well they can’t a Ford not to, but let’s wait and see if it’s Fiat for purpose ????????????

???? Auto Privacy Alert: The Hidden Dangers in Your Connected Car!

Faye Francy, head of the Automotive Industry Sharing and Analysis Center, shares her unsettling experience with a used car's infotainment system. After syncing her phone for navigation, she ended up at the previous owner's home and discovered sensitive information. ????

What You Need to Know:

???? Connected vehicles pose privacy risks, even if you don't sync your phone to the infotainment system.

???? Sensors and geolocation can reveal significant data, leading to potential privacy violations.

???? Even erasing data may not be foolproof, as it's often sold to data brokers.

Regulatory Response:

????️‍♂️ California's Privacy Protection Agency is investigating connected vehicle manufacturers for privacy practices.

???? Comprehensive federal privacy legislation is stalled, but the FTC may step in for real change.

FTC Action:

???? FTC could draw parallels from a 2009 Sears settlement, holding automakers accountable for extreme data extraction practices.

???? A potential 6(b) investigation may require major manufacturers to disclose their data practices.

Consumer Concerns:

???? Many manufacturers hide data collection practices in lengthy privacy policies, leaving consumers unaware.

???? Privacy advocates call for clear disclosures and action against excessive data extraction.

What's Next?

???? Politicians, like Sen. Ed Markey, are demanding answers from auto manufacturers about their data practices.

???? The spotlight on car data privacy is growing, with potential regulatory actions and increased consumer awareness.

???? Protect Yourself: Be cautious about syncing personal devices in your car, regularly check privacy settings, and demand clear disclosures from manufacturers. Your car is an extension of your privacy! ????️????

???? Catch of the Day!! ????????????

???? The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can't get fooled again.” Good ol’ George Dubya ???? Let us tell who’s not fooling around though; that’s the Crüe ???? at Motley Fool. You’d be a fool (alright, enough already! ????) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ???? Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ???? (LINK)


???? Wander: Find your happy place. Cue Happy Gilmore flashback ????️⛳????????️ Mmmm Happy Place… ???? So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ????️???? (LINK)


???? Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts ???????? (Great movie, to be fair ????). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty ????). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho ???? And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ???? (LINK)

‘Rocket Man’ uses TinyNuke ????????????

???? Cyber Alert: North Korean Hackers Strike Again! ????

???? Cybersecurity firm AhnLab has identified spear-phishing attacks by North Korea-affiliated nation-state actors using a variety of backdoors and tools, including AppleSeed, Meterpreter, and TinyNuke.

???? The Advanced Persistent Threat group, known as Kimsuky, has been active for over a decade, expanding its targets from South Korea to global entities.

???? Key Findings:

???? AppleSeed, a Windows-based backdoor, has been in use since May 2019 and now has an Android version and a Golang variant called AlphaSeed.

???? AlphaSeed, developed in Golang, employs chromedp for communication with the command-and-control server.

???? Kimsuky has been using AlphaSeed in attacks since October 2022, often deploying both AppleSeed and AlphaSeed on the same target system.

???? Other tools like Meterpreter, TightVNC, and TinyNuke are utilised to take control of compromised systems.

???? Implications:

???? North Korean IT workers are using fake personas on LinkedIn and GitHub to secure remote employment, acting as a revenue stream for the regime.

???? The personas claim expertise in various applications, crypto, and blockchain transactions.

???? Insights: ???? North Korea has been actively targeting blockchain and cryptocurrency firms, utilising diverse tactics to evade sanctions and profit illicitly.

???? Stay Vigilant:

???? Beware of spear-phishing attacks.

???? Regularly update security measures.

???? Monitor online platforms for suspicious activity.

Despite misconceptions, North Korea is a serious cyber player, employing advanced techniques to evade international sanctions and achieve its economic and security goals. ????

Underestimate the Rocket Man at your own peril ????????????

????️ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Libby Copa: The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.

  • Techspresso: Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think!

So long and thanks for reading all the phish!

Recent articles